CVE-2026-26010
JWT Disclosure in OpenMetadata Ingestion API Enables Privilege Escalation
Publication date: 2026-02-11
Last updated on: 2026-02-13
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open-metadata | openmetadata | up to 1.11.8 (exclusive; 1.11.8 is the fixed release) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading OpenMetadata to version 1.11.8 or later, where this vulnerability is fixed.
If upgrading is not immediately possible, restrict access to the /api/v1/ingestionPipelines endpoint to only trusted admin or service accounts to prevent read-only users from accessing JWT tokens.
Rotate ingestion bot tokens in affected environments to invalidate any leaked JWTs.
Implement monitoring to detect unauthorized access or use of ingestion-bot JWTs.
Can you explain this vulnerability to me?
CVE-2026-26010 is a high-severity privilege escalation vulnerability in OpenMetadata versions prior to 1.11.8. It occurs because the API endpoint /api/v1/ingestionPipelines leaks JSON Web Tokens (JWTs) used by highly privileged ingestion-bot accounts for services like Glue, Redshift, and Postgres.
This leakage allows any read-only user to obtain these JWTs and impersonate the ingestion bot role, which has elevated privileges. As a result, unauthorized users can perform destructive actions and access sensitive data that should be restricted by roles and policies.
The root cause is improper privilege management, where the system fails to properly assign or check privileges, leading to unintended control by unauthorized actors.
How can this vulnerability impact me?
This vulnerability can have serious impacts, including unauthorized access to highly privileged accounts within OpenMetadata:
- Destructive changes to OpenMetadata instances.
- Potential leakage of sensitive data such as sample data and service metadata that should be restricted.
- Compromise of data integrity due to unauthorized mutation of database descriptions and other metadata.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring API calls to the endpoint /api/v1/ingestionPipelines for unexpected exposure of JWT tokens used by ingestion-bot accounts. Specifically, look for API responses that include jwtToken fields accessible to read-only users, which should not normally have access to these tokens.

Commands to detect this might include using command-line HTTP clients such as curl or wget to query the vulnerable endpoint and check for JWT token leakage, for example:

- `curl -X GET https://<openmetadata-instance>/api/v1/ingestionPipelines -H 'Authorization: Bearer <read-only-user-token>'`
- Inspect the response for the presence of jwtToken fields that should not be exposed.

Additionally, monitoring logs for unusual access patterns or privilege escalations involving ingestion-bot roles can help detect exploitation attempts. [1]
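The two checks described in this answer (inspecting the pipelines API response for exposed jwtToken fields, and reviewing access logs for non-privileged reads of /api/v1/ingestionPipelines), together with the version test from the affected-range table, as an added Python example that is not part of this record or of the OpenMetadata project. The response body and the log lines are constructed samples: the nesting of jwtToken under openMetadataServerConnection.securityConfig, the role names, and the log line layout are assumptions, so adapt the key set and the regex to what your instance actually returns and logs.

```python
"""Audit helpers for CVE-2026-26010 (OpenMetadata ingestion-bot JWT exposure).

Added example, not OpenMetadata project code. The API response and the log
lines below are constructed samples; OpenMetadata's real response schema and
log format are assumptions here.
"""
import json
import re
from typing import Any, Iterator

FIXED_VERSION = (1, 11, 8)                 # first release that is not affected
PIPELINES_PATH = "/api/v1/ingestionPipelines"
SENSITIVE_KEYS = {"jwttoken"}              # compared case-insensitively
PRIVILEGED_ROLES = {"Admin", "IngestionBotRole"}   # assumed role names


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '1.11.7' into (1, 11, 7); non-numeric suffixes such as '-rc1' are ignored."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def is_affected_version(version: str) -> bool:
    """True for every release before 1.11.8 (the fixed release itself is excluded)."""
    return parse_version(version) < FIXED_VERSION


def find_token_fields(node: Any, path: str = "$") -> Iterator[str]:
    """Walk a decoded JSON document and yield the location of every non-empty
    jwtToken-like string, using a JSONPath-style notation for the location."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SENSITIVE_KEYS and isinstance(value, str) and value:
                yield child
            else:
                yield from find_token_fields(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_token_fields(item, f"{path}[{index}]")


def audit_response(body: str) -> list[str]:
    """Return the locations of exposed tokens in a pipelines API response body.
    An empty list means the response (e.g. one fetched with a read-only
    account) does not hand out ingestion-bot JWTs."""
    return list(find_token_fields(json.loads(body)))


# Constructed log format: timestamp, user, comma-separated roles, method, path, status.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) roles=(?P<roles>\S*) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)


def suspicious_pipeline_reads(log_lines, privileged_roles=PRIVILEGED_ROLES):
    """Return (timestamp, user, path) for successful reads of the pipelines
    endpoint by accounts that hold none of the privileged roles."""
    hits = []
    for line in log_lines:
        match = LOG_LINE.match(line)
        if not match or not match["path"].startswith(PIPELINES_PATH):
            continue
        roles = set(filter(None, match["roles"].split(",")))
        if match["status"].startswith("2") and not roles & privileged_roles:
            hits.append((match["ts"], match["user"], match["path"]))
    return hits


# Constructed sample response: one pipeline still carrying a token, one already redacted.
SAMPLE_RESPONSE = json.dumps({
    "data": [
        {"name": "redshift_metadata", "pipelineType": "metadata",
         "openMetadataServerConnection": {
             "hostPort": "http://openmetadata:8585/api",
             "securityConfig": {"jwtToken": "eyJhbGciOi.CONSTRUCTED.SAMPLE"}}},
        {"name": "glue_usage", "pipelineType": "usage",
         "openMetadataServerConnection": {
             "hostPort": "http://openmetadata:8585/api",
             "securityConfig": {"jwtToken": ""}}},
    ],
    "paging": {"total": 2},
})

# Constructed access-log lines in the format LOG_LINE expects.
SAMPLE_LOG = [
    "2026-02-12T09:14:03Z user=ingestion-bot roles=IngestionBotRole GET /api/v1/ingestionPipelines/redshift_metadata 200",
    "2026-02-12T09:15:41Z user=analyst roles=DataConsumer GET /api/v1/ingestionPipelines 200",
    "2026-02-12T09:16:10Z user=analyst roles=DataConsumer GET /api/v1/tables 200",
    "2026-02-12T09:17:02Z user=admin roles=Admin GET /api/v1/ingestionPipelines 200",
    "2026-02-12T09:18:30Z user=guest roles= GET /api/v1/ingestionPipelines 403",
]

if __name__ == "__main__":
    print("1.11.7 affected:", is_affected_version("1.11.7"))
    print("exposed token fields:", audit_response(SAMPLE_RESPONSE))
    print("non-privileged pipeline reads:", suspicious_pipeline_reads(SAMPLE_LOG))
```

To audit a live instance, save the body returned by the curl command above to a file and pass its contents to `audit_response`; any reported path means a read-only account can still obtain an ingestion-bot token and the instance needs the 1.11.8 upgrade plus a token rotation. The log check deliberately ignores 4xx responses, so it only surfaces reads that actually succeeded.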